Me ----(*.*.150.145) R1(*.*.150.21)=====IPsec=======(*.*.90.94)R2(*.*.90.92)---(Router(*.*.90.49))-Server.
C:\Documents and Settings\Administrator.>tracert *.*.60.31
Tracing route to *.*.60.31]
over a maximum of 30 hops:
1 32 ms <1 ms <1 ms x.x.43.129
2 1 ms <1 ms <1 ms x.x.5.13
3 1 ms <1 ms <1 ms x.x.150.145
4 * * * Request timed out.
5 * * * Request timed out.
6 36 ms 36 ms 36 ms *.*.60.31
Trace complete.
We want entries 4 and 5 to show themselves, like entries 1, 2 and 3. We only admin the left devices of the diagram.
I tried to put Permit ICMP any any to the crypto map on the tunnel. they showed. but when I put specific IP as 90.92 and 90.49 instead of any any. It became the same as the copied above. The log at ASDM show the coming back packet from *.*. 90.92 was " Adecapsulated IPsec does not match the negotiated identity. The peer is sending other traffic through this security association.".
I cannot figure out why? I opened a cisco case, they said the configuraiton is fine. Any idea?
thanks,
Han